Krebs on Security

In-depth security news and investigation

Posts Tagged: Word zero-day

Adobe and Microsoft each issued updates to fix critical security vulnerabilities in their software today. Adobe patched its Flash Player software and Adobe AIR. Microsoft issued four updates to address at least 11 unique security flaws, including its final batch of fixes for Office 2003 and for systems powered by Windows XP.

Two of the four patches that Microsoft issued come with Redmond’s “critical” rating (its most severe), meaning attackers or malware can exploit the flaws to break into vulnerable systems without any help from users. One of the critical patches is a cumulative update for Internet Explorer (MS14-018); the other addresses serious issues with Microsoft Word and Office Web apps (MS14-017), including a fix for a zero-day vulnerability that is already being actively exploited. More information on these and other patches are available here.

As expected, Microsoft also used today’s patch release to pitch XP users on upgrading to a newer version of Windows, warning that attackers will begin to zero in on XP users even more now that Microsoft will no longer be issuing security updates for the 13-year-old operating system. From Microsoft’s Technet blog: Continue reading →